fix: harden numeric conversions for gosec

.github/workflows/gosec.yml

@@ -0,0 +1,58 @@
+name: gosec
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: "0 0 * * 0"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@de65614d10a6b84029e3e1215567b8ce7e490f23 # master, gosec 2.26.1
+        with:
+          args: "-no-fail -fmt sarif -out results.sarif ./..."
+
+      - name: Upload SARIF artifact
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
+        with:
+          name: gosec-sarif
+          path: results.sarif
+          if-no-files-found: error
+          retention-days: 7
+
+  upload-sarif:
+    needs: scan
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - name: Download SARIF artifact
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
+        with:
+          name: gosec-sarif
+          path: .
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@7c1e4cf0b20d7c1872b26569c00ba908797a59bf # v4
+        with:
+          sarif_file: results.sarif

.gitignore

@@ -17,3 +17,4 @@
 .DS_Store
 .idea
 .vscode
+.gocache/

def/error.go

@@ -19,6 +19,7 @@ var (
 	ErrCanNotDecode           = fmt.Errorf("%winvalid code", ErrMsgpack)
 	ErrCanNotSetSliceAsMapKey = fmt.Errorf("%wcan not set slice as map key", ErrMsgpack)
 	ErrCanNotSetMapAsMapKey   = fmt.Errorf("%wcan not set map as map key", ErrMsgpack)
+	ErrValueOutOfRange        = fmt.Errorf("%wvalue out of range", ErrMsgpack)
 
 	// encoding errors
 

ext/encode.go

@@ -1,6 +1,7 @@
 package ext
 
 import (
+	"encoding/binary"
 	"reflect"
 )
 
@@ -28,117 +29,92 @@ type Encoder interface {
 // as well as methods to write raw byte slices into a target byte slice.
 type EncoderCommon struct{}
 
+func setUint64Bytes(value uint64, offset int, size int, d *[]byte) int {
+	switch size {
+	case 1:
+		(*d)[offset] = byte(value) // #nosec G115 -- MessagePack writes the selected low-order byte.
+	case 2:
+		binary.BigEndian.PutUint16((*d)[offset:], uint16(value)) // #nosec G115 -- MessagePack writes the selected low-order bytes.
+	case 4:
+		binary.BigEndian.PutUint32((*d)[offset:], uint32(value)) // #nosec G115 -- MessagePack writes the selected low-order bytes.
+	case 8:
+		binary.BigEndian.PutUint64((*d)[offset:], value)
+	default:
+		panic("invalid uint64 byte size")
+	}
+	return offset + size
+}
+
 // SetByte1Int64 encodes a single byte from the given int64 value into the byte slice at the specified offset.
 // Returns the new offset after writing the byte.
 func (c *EncoderCommon) SetByte1Int64(value int64, offset int, d *[]byte) int {
-	(*d)[offset] = byte(value)
-	return offset + 1
+	return setUint64Bytes(uint64(value), offset, 1, d) // #nosec G115 -- MessagePack encodes signed integers as two's-complement bytes.
 }
 
 // SetByte2Int64 encodes the lower two bytes of the given int64 value into the byte slice at the specified offset.
 // Returns the new offset after writing the bytes.
 func (c *EncoderCommon) SetByte2Int64(value int64, offset int, d *[]byte) int {
-	(*d)[offset+0] = byte(value >> 8)
-	(*d)[offset+1] = byte(value)
-	return offset + 2
+	return setUint64Bytes(uint64(value), offset, 2, d) // #nosec G115 -- MessagePack encodes signed integers as two's-complement bytes.
 }
 
 // SetByte4Int64 encodes the lower four bytes of the given int64 value into the byte slice at the specified offset.
 // Returns the new offset after writing the bytes.
 func (c *EncoderCommon) SetByte4Int64(value int64, offset int, d *[]byte) int {
-	(*d)[offset+0] = byte(value >> 24)
-	(*d)[offset+1] = byte(value >> 16)
-	(*d)[offset+2] = byte(value >> 8)
-	(*d)[offset+3] = byte(value)
-	return offset + 4
+	return setUint64Bytes(uint64(value), offset, 4, d) // #nosec G115 -- MessagePack encodes signed integers as two's-complement bytes.
 }
 
 // SetByte8Int64 encodes all eight bytes of the given int64 value into the byte slice at the specified offset.
 // Returns the new offset after writing the bytes.
 func (c *EncoderCommon) SetByte8Int64(value int64, offset int, d *[]byte) int {
-	(*d)[offset] = byte(value >> 56)
-	(*d)[offset+1] = byte(value >> 48)
-	(*d)[offset+2] = byte(value >> 40)
-	(*d)[offset+3] = byte(value >> 32)
-	(*d)[offset+4] = byte(value >> 24)
-	(*d)[offset+5] = byte(value >> 16)
-	(*d)[offset+6] = byte(value >> 8)
-	(*d)[offset+7] = byte(value)
-	return offset + 8
+	return setUint64Bytes(uint64(value), offset, 8, d) // #nosec G115 -- MessagePack encodes signed integers as two's-complement bytes.
 }
 
 // SetByte1Uint64 encodes a single byte from the given uint64 value into the byte slice at the specified offset.
 // Returns the new offset after writing the byte.
 func (c *EncoderCommon) SetByte1Uint64(value uint64, offset int, d *[]byte) int {
-	(*d)[offset] = byte(value)
-	return offset + 1
+	return setUint64Bytes(value, offset, 1, d)
 }
 
 // SetByte2Uint64 encodes the lower two bytes of the given uint64 value into the byte slice at the specified offset.
 // Returns the new offset after writing the bytes.
 func (c *EncoderCommon) SetByte2Uint64(value uint64, offset int, d *[]byte) int {
-	(*d)[offset] = byte(value >> 8)
-	(*d)[offset+1] = byte(value)
-	return offset + 2
+	return setUint64Bytes(value, offset, 2, d)
 }
 
 // SetByte4Uint64 encodes the lower four bytes of the given uint64 value into the byte slice at the specified offset.
 // Returns the new offset after writing the bytes.
 func (c *EncoderCommon) SetByte4Uint64(value uint64, offset int, d *[]byte) int {
-	(*d)[offset] = byte(value >> 24)
-	(*d)[offset+1] = byte(value >> 16)
-	(*d)[offset+2] = byte(value >> 8)
-	(*d)[offset+3] = byte(value)
-	return offset + 4
+	return setUint64Bytes(value, offset, 4, d)
 }
 
 // SetByte8Uint64 encodes all eight bytes of the given uint64 value into the byte slice at the specified offset.
 // Returns the new offset after writing the bytes.
 func (c *EncoderCommon) SetByte8Uint64(value uint64, offset int, d *[]byte) int {
-	(*d)[offset] = byte(value >> 56)
-	(*d)[offset+1] = byte(value >> 48)
-	(*d)[offset+2] = byte(value >> 40)
-	(*d)[offset+3] = byte(value >> 32)
-	(*d)[offset+4] = byte(value >> 24)
-	(*d)[offset+5] = byte(value >> 16)
-	(*d)[offset+6] = byte(value >> 8)
-	(*d)[offset+7] = byte(value)
-	return offset + 8
+	return setUint64Bytes(value, offset, 8, d)
 }
 
 // SetByte1Int encodes a single byte from the given int value into the byte slice at the specified offset.
 // Returns the new offset after writing the byte.
 func (c *EncoderCommon) SetByte1Int(code, offset int, d *[]byte) int {
-	(*d)[offset] = byte(code)
-	return offset + 1
+	return setUint64Bytes(uint64(code), offset, 1, d) // #nosec G115 -- callers pass bounded MessagePack code or length values.
 }
 
 // SetByte2Int encodes the lower two bytes of the given int value into the byte slice at the specified offset.
 // Returns the new offset after writing the bytes.
 func (c *EncoderCommon) SetByte2Int(value int, offset int, d *[]byte) int {
-	(*d)[offset] = byte(value >> 8)
-	(*d)[offset+1] = byte(value)
-	return offset + 2
+	return setUint64Bytes(uint64(value), offset, 2, d) // #nosec G115 -- callers pass bounded MessagePack length values.
 }
 
 // SetByte4Int encodes the lower four bytes of the given int value into the byte slice at the specified offset.
 // Returns the new offset after writing the bytes.
 func (c *EncoderCommon) SetByte4Int(value int, offset int, d *[]byte) int {
-	(*d)[offset] = byte(value >> 24)
-	(*d)[offset+1] = byte(value >> 16)
-	(*d)[offset+2] = byte(value >> 8)
-	(*d)[offset+3] = byte(value)
-	return offset + 4
+	return setUint64Bytes(uint64(value), offset, 4, d) // #nosec G115 -- callers pass bounded MessagePack length values.
 }
 
 // SetByte4Uint32 encodes the lower four bytes of the given uint32 value into the byte slice at the specified offset.
 // Returns the new offset after writing the bytes.
 func (c *EncoderCommon) SetByte4Uint32(value uint32, offset int, d *[]byte) int {
-	(*d)[offset] = byte(value >> 24)
-	(*d)[offset+1] = byte(value >> 16)
-	(*d)[offset+2] = byte(value >> 8)
-	(*d)[offset+3] = byte(value)
-	return offset + 4
+	return setUint64Bytes(uint64(value), offset, 4, d)
 }
 
 // SetBytes writes the given byte slice `bs` into the target byte slice at the specified offset.

ext/encode_stream.go

@@ -32,115 +32,62 @@ func CreateStreamWriter(w io.Writer, buf *common.Buffer) StreamWriter {
 
 // WriteByte1Int64 writes a single byte representation of an int64 value.
 func (w *StreamWriter) WriteByte1Int64(value int64) error {
-	return w.buf.Write(w.w,
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, uint64(value), 1) // #nosec G115 -- MessagePack encodes signed integers as two's-complement bytes.
 }
 
 // WriteByte2Int64 writes a two-byte representation of an int64 value.
 func (w *StreamWriter) WriteByte2Int64(value int64) error {
-	return w.buf.Write(w.w,
-		byte(value>>8),
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, uint64(value), 2) // #nosec G115 -- MessagePack encodes signed integers as two's-complement bytes.
 }
 
 // WriteByte4Int64 writes a four-byte representation of an int64 value.
 func (w *StreamWriter) WriteByte4Int64(value int64) error {
-	return w.buf.Write(w.w,
-		byte(value>>24),
-		byte(value>>16),
-		byte(value>>8),
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, uint64(value), 4) // #nosec G115 -- MessagePack encodes signed integers as two's-complement bytes.
 }
 
 // WriteByte8Int64 writes an eight-byte representation of an int64 value.
 func (w *StreamWriter) WriteByte8Int64(value int64) error {
-	return w.buf.Write(w.w,
-		byte(value>>56),
-		byte(value>>48),
-		byte(value>>40),
-		byte(value>>32),
-		byte(value>>24),
-		byte(value>>16),
-		byte(value>>8),
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, uint64(value), 8) // #nosec G115 -- MessagePack encodes signed integers as two's-complement bytes.
 }
 
 // WriteByte1Uint64 writes a single byte representation of a uint64 value.
 func (w *StreamWriter) WriteByte1Uint64(value uint64) error {
-	return w.buf.Write(w.w,
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, value, 1)
 }
 
 // WriteByte2Uint64 writes a two-byte representation of a uint64 value.
 func (w *StreamWriter) WriteByte2Uint64(value uint64) error {
-	return w.buf.Write(w.w,
-		byte(value>>8),
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, value, 2)
 }
 
 // WriteByte4Uint64 writes a four-byte representation of a uint64 value.
 func (w *StreamWriter) WriteByte4Uint64(value uint64) error {
-	return w.buf.Write(w.w,
-		byte(value>>24),
-		byte(value>>16),
-		byte(value>>8),
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, value, 4)
 }
 
 // WriteByte8Uint64 writes an eight-byte representation of a uint64 value.
 func (w *StreamWriter) WriteByte8Uint64(value uint64) error {
-	return w.buf.Write(w.w,
-		byte(value>>56),
-		byte(value>>48),
-		byte(value>>40),
-		byte(value>>32),
-		byte(value>>24),
-		byte(value>>16),
-		byte(value>>8),
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, value, 8)
 }
 
 // WriteByte1Int writes a single byte representation of an int value.
 func (w *StreamWriter) WriteByte1Int(value int) error {
-	return w.buf.Write(w.w,
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, uint64(value), 1) // #nosec G115 -- callers pass bounded MessagePack code or length values.
 }
 
 // WriteByte2Int writes a two-byte representation of an int value.
 func (w *StreamWriter) WriteByte2Int(value int) error {
-	return w.buf.Write(w.w,
-		byte(value>>8),
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, uint64(value), 2) // #nosec G115 -- callers pass bounded MessagePack length values.
 }
 
 // WriteByte4Int writes a four-byte representation of an int value.
 func (w *StreamWriter) WriteByte4Int(value int) error {
-	return w.buf.Write(w.w,
-		byte(value>>24),
-		byte(value>>16),
-		byte(value>>8),
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, uint64(value), 4) // #nosec G115 -- callers pass bounded MessagePack length values.
 }
 
 // WriteByte4Uint32 writes a four-byte representation of a uint32 value.
 func (w *StreamWriter) WriteByte4Uint32(value uint32) error {
-	return w.buf.Write(w.w,
-		byte(value>>24),
-		byte(value>>16),
-		byte(value>>8),
-		byte(value),
-	)
+	return w.buf.WriteUint64(w.w, uint64(value), 4)
 }
 
 // WriteBytes writes a slice of bytes to the underlying writer.